I actually haven't thought about that. You mean it's not an issue being
asymmetric on the shorewall box if the central firewall routes the packets
correctly?
Makes sense, but requires me to ask network team support to check that. I suppose
it gets dropped because connection cannot be tracked.
Is there anything wrong with killing the main table and doing PBR only?
On 27 July 2017 21:12:32 GMT+02:00, Tom Eastep <[email protected]> wrote:
>On 07/27/2017 11:57 AM, Adam Cécile wrote:
>> On 07/27/2017 08:51 PM, Tom Eastep wrote:
>>> On 07/27/2017 10:12 AM, Adam Cécile wrote:
>>>> On 07/27/2017 06:39 PM, Tom Eastep wrote:
>>>>>> From the routing rules you posted above, the 'main' table is traversed
>>>>>> before PBR is used, and the 'main' table will route packets to
>>>>>> 192.168.195.0 out of eth1.
>>>> Sounds like the root of the issue to me!
>>> But do you really think that it is a problem?
>>>
>>> -Tom
>> Yes because any machine from 192.168.195.0/24 network cannot use the new
>> 10.13 address, and that the one that will stay, 192.168.195.227 must go
>> asap.
>
>So why isn't traffic from the 10.13 interface getting routed properly to
>the 192.168.195.0/24 subnet by your network outside of the Shorewall
>box? Clearly it is able to route in the other direction.
>
>-Tom
>--
>Tom Eastep \ Q: What do you get when you cross a mobster with
>Shoreline, \ an international standard?
>Washington, USA \ A: Someone who makes you an offer you can't
>http://shorewall.org \ understand
> \_______________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users